On Mon, Feb 23, 2015 at 11:08:31AM +0100, Raphael Glon wrote: > On 02/19/2015 12:45 PM, Richard W.M. Jones wrote: > >On Wed, Feb 18, 2015 at 07:23:52PM +0100, Raphael Glon wrote: > >>I entcountered a similar case more recently on powerkvm 2.1.0 > >>(defect with the libguestfs) > >What's the actual bug? We've worked hard, with IBM, to make > >libguestfs work on POWER 7 and POWER 8 systems. I have full access to > >those systems through Red Hat. If there's a new bug I'm sure we'll be > >able to fix it. > > > >Rich. > > > Hi, thank you for all your answers. > > Not saying there are "actual" bugs (anyway I'm stuck here because i would > need to find time+environment to recheck all/reproduce) -> i haven't even > deployed juno on pkvm yet > > We've talked with ibm (and they have likely been working with you) and they > are really responsive in fixing defects with their distribution > > We've entcountered two problems with powerkvm regarding nova + libguestfs. > > 1. since pkvm 2.1.x is forked from a Fedo 19, we fell back to this Red Hat > bug you fixed regarding the attach method > > Note that one of the workaround proposed was > > sudo sysctl -w fs.protected_hardlinks=0 + common user nova/qemu > > > -> Not a specialist here, but seems like to be able to use libguestfs to > avoid "potential" issues with fuse mounts, we open other "potential" holes > somewhere else
The alternative Nova implementation is *not* using fuse, it is using real mounts on the host FS. This is not a potential issue, it is an *actual* issue. There have been bugs in Linux filesystem drivers, including ext4, that would have allowed a malicous kernel image to crash and/or exploit the host kernel if mounted. http://libguestfs.org/guestfs.3.html#security-of-mounting-filesystems The libguestfs architecture is explicitly designed such that any security critical tasks take place inside an unprivileged KVM guest. So unless Nova is using libguestfs in a broken way, the security of libguestfs is effectively equivalent to the security of KVM in general. This is a faaar better security architecture design > 2. because pkvm 2.1.x is forked from fedo 19 it embeds rather old versions > of libguestfs and libvirt. Fedora 19 is end of life so not really relevant any more as a target. If there are bugs you find in current versions of Fedora please file bugs so they can be addressed. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
